From 0843fdfb23ab7f3b2ed1711bc98bc04f26bfebbe Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Thu, 13 Sep 2018 09:03:41 +0200
Subject: [PATCH] adding and updating clusters
---
 clusters/botnet.json | 16 ++++++++++++++--
 clusters/tool.json | 15 ++++++++++++++-
 2 files changed, 28 insertions(+), 3 deletions(-)
diff --git a/clusters/botnet.json b/clusters/botnet.json
index 243fa61..8033e87 100644
--- a/clusters/botnet.json
+++ b/clusters/botnet.json
@@ -579,7 +579,8 @@
 "meta": {
 "date": "August 2016",
 "refs": [
- "https://en.wikipedia.org/wiki/Mirai_(malware)"
+ "https://en.wikipedia.org/wiki/Mirai_(malware)",
+ "https://researchcenter.paloaltonetworks.com/2018/09/unit42-multi-exploit-iotlinux-botnets-mirai-gafgyt-target-apache-struts-sonicwall/"
 ]
 },
 "related": [
@@ -800,7 +801,18 @@
 },
 "uuid": "07815089-e2c6-4084-9a62-3ece7210f33f",
 "value": "Bamital"
+ },
+ {
+ "value": "Gafgyt",
+ "description": "Linux.Gafgyt is a Trojan horse that opens a back door on the compromised computer and steals information. The new Gafgyt version targets a newly disclosed vulnerability affecting older, unsupported versions of SonicWall’s Global Management System (GMS).",
+ "meta": {
+ "refs": [
+ "https://researchcenter.paloaltonetworks.com/2018/09/unit42-multi-exploit-iotlinux-botnets-mirai-gafgyt-target-apache-struts-sonicwall/",
+ "https://www.symantec.com/security-center/writeup/2014-100222-5658-99"
+ ]
+ },
+ "uuid": "40795af6-b721-11e8-9fcb-570c0b384135"
 }
 ],
- "version": 9
+ "version": 10
 }
diff --git a/clusters/tool.json b/clusters/tool.json
index 151688b..950ef71 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
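Review bot: The Gafgyt entry added in the second hunk of clusters/botnet.json has no `synonyms` list, although this family is commonly tracked under other names such as Bashlite, so events tagged with one name will not correlate with the other. If the file already holds an entry for the same family under another name (not visible in this hunk), link the two through `related` or merge them. The description's "The new Gafgyt version targets a newly disclosed vulnerability" will go stale and names no identifier, so state the date and the CVE given in the cited Unit 42 report instead. The new object also puts `"value"` first, while the neighbouring Bamital entry ends with `"uuid"` then `"value"`, and it should follow the same key order. A possible addition under `meta`, to be confirmed against the references: `"synonyms": ["Bashlite"]`.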
@@ -5731,7 +5731,20 @@
 ]
 },
 "uuid": "69ed8a69-8b33-4195-9b21-a1f4cd76acde"
+ },
+ {
+ "value": "Sirefef",
+ "description": "This family of malware uses stealth to hide its presence on your PC. Trojans in this family can do different things, including: -Downloading and running other files -Contacting remote hosts -Disabling security features\nMembers of the family can also change search results, which can generate money for the hackers who use Sirefef.",
+ "meta": {
+ "refs": [
+ "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32%2Fsirefef"
+ ],
+ "synonyms": [
+ "Win32/Sirefef"
+ ]
+ },
+ "uuid": "641464a6-b690-11e8-976e-bffc9a17c6a4"
 }
 ],
- "version": 86
+ "version": 87
 }
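Review bot: The Sirefef entry added to clusters/tool.json lists only `Win32/Sirefef` as a synonym, yet the family is widely reported under the name ZeroAccess as well, so detections labelled that way will not resolve to this cluster. Consider `"synonyms": ["Win32/Sirefef", "ZeroAccess"]` after confirming against the Microsoft write-up, plus a `related` link if a ZeroAccess cluster exists elsewhere in the galaxy (not visible here). The description is consumer-facing vendor text ("your PC", "the hackers") with a bullet list flattened into `-Downloading ... -Contacting ... -Disabling` and a lone `\n`. A neutral rewrite that lists the capabilities in one sentence would serve analysts better.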